Directory Fuzzing
Among all the tools listed below, ffuf gave me the best results in every scenario. Also, use directory-list-2.3-medium.txt for most common scenarios.
Ffuf
Simple Scan
ffuf -w /opt/dirsearch/small.txt -u http://10.10.118.46/FUZZ
Ignoring particular status code
ffuf -w /opt/dirsearch/big.txt -u http://10.10.191.30:80/FUZZ -fc 401
VHOST Fuzzing
ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.horizontall.htb" -u http://horizontall.htb
Extension
ffuf -w /opt/dirsearch/big.txt -u http://bounty.htb/FUZZ -e .asp,.aspx,.txt
GoBuster
Normal Scan
gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u 10.10.10.56 -x txt,php
Append / to each request
Sometimes it's necessary to look only for directories and not for files, so we can append / to every request to find directories only.
Gobuster supports different enumeration modes, including fuzzing and dns, but for now we'll rely only on the dir mode, which enumerates files and directories. We need to specify the target IP using the -u parameter and a wordlist with -w. Gobuster runs 10 threads by default; we can reduce the amount of traffic by setting a lower number via the -t parameter.
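Seen from the server side, a dir-mode scan shows up in the access log as one client requesting many distinct paths that mostly return 404, and lowering -t changes the request rate but not that pattern. The following is an added example, not part of the original notes, that flags such clients by counting distinct missing paths per IP; the log lines, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Common/combined access-log format: ip, two fields, [time], "METHOD path proto", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_enumerators(lines, min_distinct_missing=20, min_miss_ratio=0.8):
    """Return {ip: (distinct_404_paths, total_requests)} for clients whose
    traffic over the given log looks like wordlist-driven path enumeration."""
    missing, total = defaultdict(set), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        total[m["ip"]] += 1
        if m["status"] == "404":
            # Drop query string and trailing slash so /x, /x/ and /x?a=1 count once
            path = m["path"].split("?", 1)[0].rstrip("/") or "/"
            missing[m["ip"]].add(path)
    # Thresholds are assumptions; tune them against normal traffic for the site
    return {
        ip: (len(paths), total[ip])
        for ip, paths in missing.items()
        if len(paths) >= min_distinct_missing and len(paths) / total[ip] >= min_miss_ratio
    }

def build_sample():
    """Constructed log: 10.0.0.9 walks a word list, 10.0.0.7 browses normally."""
    ts = "[01/Jan/2024:10:00:00 +0000]"
    words = [f"word{i}" for i in range(30)]
    lines = [f'10.0.0.9 - - {ts} "GET /{w} HTTP/1.1" 404 153 "-" "-"' for w in words]
    lines += [f'10.0.0.9 - - {ts} "GET /{w}/ HTTP/1.1" 404 153 "-" "-"' for w in words[:5]]
    lines.append(f'10.0.0.9 - - {ts} "GET /index.html HTTP/1.1" 200 1024 "-" "-"')
    for p in ["/", "/index.html", "/about", "/favicon.ico"]:
        status = "404" if p == "/favicon.ico" else "200"
        lines.append(f'10.0.0.7 - - {ts} "GET {p} HTTP/1.1" {status} 512 "-" "-"')
    return lines

if __name__ == "__main__":
    print(find_enumerators(build_sample()))
```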
Excluding a particular length:
Providing a pattern:
Create a file with the following lines (let's call it pattern.txt)
Then run the following command:
Simple Curl request:
DirSearch
Some Extension